pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Include all Azure config in the INI file.

Browse Source 
Adds all the new config items to the INI file and adjusts some naming
conventions so that these values sort together. Also adds defaults for
some values where they're known.
This commit is contained in:
dandds
2020-02-04 16:12:45 -05:00
parent ece4b20bcf
commit b754f1384f
4 changed files with 28 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.secrets.baseline
View File

@@ -3,7 +3,7 @@
"files": "^.secrets.baseline$|^.*pgsslrootcert.yml$", "files": "^.secrets.baseline$|^.*pgsslrootcert.yml$",
"lines": null "lines": null
}, },
"generated_at": "2020-01-27T19:24:43Z", "generated_at": "2020-02-04T21:00:49Z",
"plugins_used": [ "plugins_used": [
{ {
"base64_limit": 4.5, "base64_limit": 4.5,
@@ -82,7 +82,7 @@
"hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3", "hashed_secret": "afc848c316af1a89d49826c5ae9d00ed769415f3",
"is_secret": false, "is_secret": false,
"is_verified": false, "is_verified": false,
"line_number": 32, "line_number": 43,
"type": "Secret Keyword" "type": "Secret Keyword"
} }
], ],

12
atst/domain/csp/cloud/azure_cloud_provider.py
View File

@@ -97,10 +97,14 @@ class AzureCloudProvider(CloudProviderInterface):
self.secret_key = config["AZURE_SECRET_KEY"] self.secret_key = config["AZURE_SECRET_KEY"]
self.tenant_id = config["AZURE_TENANT_ID"] self.tenant_id = config["AZURE_TENANT_ID"]
self.vault_url = config["AZURE_VAULT_URL"] self.vault_url = config["AZURE_VAULT_URL"]
self.ps_client_id = config["POWERSHELL_CLIENT_ID"] self.ps_client_id = config["AZURE_POWERSHELL_CLIENT_ID"]
self.owner_role_def_id = config["AZURE_OWNER_ROLE_DEF_ID"]
self.graph_resource = config["AZURE_GRAPH_RESOURCE"] self.graph_resource = config["AZURE_GRAPH_RESOURCE"]
self.default_aadp_qty = config["AZURE_AADP_QTY"] self.default_aadp_qty = config["AZURE_AADP_QTY"]
self.roles = {
"owner": config["AZURE_ROLE_DEF_ID_OWNER"],
"contributor": config["AZURE_ROLE_DEF_ID_CONTRIBUTOR"],
"billing": config["AZURE_ROLE_DEF_ID_BILLING_READER"],
}
if azure_sdk_provider is None: if azure_sdk_provider is None:
self.sdk = AzureSDKProvider() self.sdk = AzureSDKProvider()
@@ -602,7 +606,7 @@ class AzureCloudProvider(CloudProviderInterface):
def create_tenant_admin_ownership(self, payload: TenantAdminOwnershipCSPPayload): def create_tenant_admin_ownership(self, payload: TenantAdminOwnershipCSPPayload):
mgmt_token = self._get_elevated_management_token(payload.tenant_id) mgmt_token = self._get_elevated_management_token(payload.tenant_id)
role_definition_id = f"/providers/Microsoft.Management/managementGroups/{payload.tenant_id}/providers/Microsoft.Authorization/roleDefinitions/{self.owner_role_def_id}" role_definition_id = f"/providers/Microsoft.Management/managementGroups/{payload.tenant_id}/providers/Microsoft.Authorization/roleDefinitions/{self.roles['owner']}"
request_body = { request_body = {
"properties": { "properties": {
@@ -630,7 +634,7 @@ class AzureCloudProvider(CloudProviderInterface):
mgmt_token = self._get_elevated_management_token(payload.tenant_id) mgmt_token = self._get_elevated_management_token(payload.tenant_id)
# NOTE: the tenant_id is also the id of the root management group, once it is created # NOTE: the tenant_id is also the id of the root management group, once it is created
role_definition_id = f"/providers/Microsoft.Management/managementGroups/{payload.tenant_id}/providers/Microsoft.Authorization/roleDefinitions/{self.owner_role_def_id}" role_definition_id = f"/providers/Microsoft.Management/managementGroups/{payload.tenant_id}/providers/Microsoft.Authorization/roleDefinitions/{self.roles['owner']}"
request_body = { request_body = {
"properties": { "properties": {

18
config/base.ini
View File

@@ -1,9 +1,19 @@
[default] [default]
ASSETS_URL ASSETS_URL
AZURE_AADP_QTY=5
AZURE_ACCOUNT_NAME AZURE_ACCOUNT_NAME
AZURE_STORAGE_KEY AZURE_CLIENT_ID
AZURE_TO_BUCKET_NAME AZURE_GRAPH_RESOURCE="https://graph.microsoft.com/"
AZURE_POLICY_LOCATION=policies AZURE_POLICY_LOCATION=policies
AZURE_POWERSHELL_CLIENT_ID
AZURE_ROLE_DEF_ID_BILLING_READER="fa23ad8b-c56e-40d8-ac0c-ce449e1d2c64"
AZURE_ROLE_DEF_ID_CONTRIBUTOR="b24988ac-6180-42a0-ab88-20f7382dd24c"
AZURE_ROLE_DEF_ID_OWNER="8e3af657-a8ff-443c-a75c-2fe8c4bcb635"
AZURE_SECRET_KEY
AZURE_STORAGE_KEY
AZURE_TENANT_ID
AZURE_TO_BUCKET_NAME
AZURE_VAULT_URL
BLOB_STORAGE_URL=http://localhost:8000/ BLOB_STORAGE_URL=http://localhost:8000/
CAC_URL = http://localhost:8000/login-redirect CAC_URL = http://localhost:8000/login-redirect
CA_CHAIN = ssl/server-certs/ca-chain.pem CA_CHAIN = ssl/server-certs/ca-chain.pem
@@ -42,10 +52,10 @@ REDIS_TLS=False
REDIS_USER REDIS_USER
SECRET_KEY = change_me_into_something_secret SECRET_KEY = change_me_into_something_secret
SERVER_NAME SERVER_NAME
SESSION_COOKIE_NAME=atat
SESSION_COOKIE_DOMAIN SESSION_COOKIE_DOMAIN
SESSION_KEY_PREFIX=session: SESSION_COOKIE_NAME=atat
SESSION_COOKIE_SECURE=false SESSION_COOKIE_SECURE=false
SESSION_KEY_PREFIX=session:
SESSION_TYPE = redis SESSION_TYPE = redis
SESSION_USE_SIGNER = True SESSION_USE_SIGNER = True
SQLALCHEMY_ECHO = False SQLALCHEMY_ECHO = False

6
tests/mock_azure.py
View File

@@ -9,8 +9,10 @@ AZURE_CONFIG = {
"AZURE_TENANT_ID": "MOCK", "AZURE_TENANT_ID": "MOCK",
"AZURE_POLICY_LOCATION": "policies", "AZURE_POLICY_LOCATION": "policies",
"AZURE_VAULT_URL": "http://vault", "AZURE_VAULT_URL": "http://vault",
"POWERSHELL_CLIENT_ID": "MOCK", "AZURE_POWERSHELL_CLIENT_ID": "MOCK",
"AZURE_OWNER_ROLE_DEF_ID": "MOCK", "AZURE_ROLE_DEF_ID_OWNER": "MOCK",
"AZURE_ROLE_DEF_ID_CONTRIBUTOR": "MOCK",
"AZURE_ROLE_DEF_ID_BILLING_READER": "MOCK",
"AZURE_GRAPH_RESOURCE": "MOCK", "AZURE_GRAPH_RESOURCE": "MOCK",
"AZURE_AADP_QTY": 5, "AZURE_AADP_QTY": 5,
} }